FlyerTalk Forums
Page 1 of 2
1
2
Show 40 post(s) from this thread on one page

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Practical Travel Safety and Security Issues (https://www.flyertalk.com/forum/practical-travel-safety-security-issues-686/)
-   -   TSA Using Illegal Tracking Cookies (https://www.flyertalk.com/forum/practical-travel-safety-security-issues/1050260-tsa-using-illegal-tracking-cookies.html)

mileena Feb 9, 2010 11:28 pm
TSA Using Illegal Tracking Cookies
 
http://www.wired.com/threatlevel/200...e_tsas_tracki/

Are TSA’s Tracking Cookies Legal?

* By Ryan Singel Email Author
* February 14, 2007 |
* 9:50 am |
* Categories: Uncategorized
*

The Transportation Security Agency’s website is not only hosting a site that looks like a phishing attack designed to steal personal information from citizens, it’s also using cookies on its website — a practice that the government frowns on. The main TSA site sets two cookies — both of which expire in 2017.
One of the cookies is set to tsa.gov, while the other is served from a web analytics company called WebTrends.

Now the TSA does state on its privacy policy page that it uses cookies. But, that may not be enough to satisfy the government policy on the use of tracking cookies. In 2003, the White House’s Office of Management and Budget issued binding rules on the use of cookies by federal agencies and their contractors — stating:

Particular privacy concerns may be raised when uses of web technology can track the activities of users over time and across different web sites. [...] Because of the unique laws and traditions about government access to citizens’ personal information, the presumption should be that "cookies" will not be used at Federal web sites.

If cookies are going to be used, the rules require that the site include "clear and conspicuous notice" of the cookies, that there exists a "a compelling need to gather the data on the site," that there are "appropriate and publicly disclosed privacy safeguards" for cookie information, and that the head of the agency personally approves the cookies.



Read More http://www.wired.com/threatlevel/200...#ixzz0f6zv9zZy

DevilDog438 Feb 9, 2010 11:30 pm
A three year old article, posted in its entirety...any new information or other reason for posting it?

mileena Feb 9, 2010 11:35 pm
yeah it appeared on the front page of wired.com a few hours ago. i didn't know it was that old. it was front page news.

PhlyingRPh Feb 9, 2010 11:47 pm
Originally Posted by DevilDog438 (Post 13361382)
A three year old article, posted in its entirety...any new information or other reason for posting it?
Perhaps someone could launch something that could be considered by some definitions, a cyber attack on the TSA website, to teach them a lesson.

senseker Feb 9, 2010 11:52 pm
Originally Posted by PhlyingRPh (Post 13361437)
Perhaps someone could launch something that could be considered by some definitions, a cyber attack on the TSA website, to teach them a lesson.
Oh yea, attack a government website.

http://people.freebsd.org/~keramida/...s-is-going.jpg

birdstrike Feb 10, 2010 12:03 am
Originally Posted by senseker (Post 13361457)
Oh yea, attack a government website.
I hope you know this is a daily occurrence? There is nothing special about denial-of-service or other attacks. Pretty much the web and its managers route around them. It is rare that they make the news.

senseker Feb 10, 2010 12:05 am
Originally Posted by birdstrike (Post 13361489)
I hope you know this is a daily occurrence? There is nothing special about denial-of-service or other attacks. Pretty much the web and its managers route around them. It is rare that they make the news.
I know. I'm just sayin'....

aviators99 Feb 10, 2010 12:11 am
Cookies are essentially tokens of information, such as preferences and passwords, that some Web servers collect from you when you access them. That data is stored on your hard drive-not on the Web site’s server. Whenever you visit a "cookie" site, the server looks for its cookie on your hard drive and, if found, then reads the information it stored there.
Felt I should point out that the above is not true. The "data" (other than the cookie itself) *is* stored on the server. The last sentence should read: "Whenever you visit a 'cookie' site, the server looks for its cookie on your hard drive and, if found, then reads the information it stored on its own servers."

Actually, if you want to get even more correct, the server tells the computer (client) to look for its cookie on your hard drive...

PhlyingRPh Feb 10, 2010 12:14 am
Originally Posted by senseker (Post 13361457)
Oh yea, attack a government website.

http://people.freebsd.org/~keramida/...s-is-going.jpg
Thank you for your discretion. :D

goalie Feb 10, 2010 10:40 am
TSA Using Illegal Tracking Cookies
just another reason to reset your browser and/or clear your cache and cookies after visiting certain websites

iCorpRoadie Feb 10, 2010 11:38 am
Originally Posted by goalie (Post 13364048)
just another reason to reset your browser and/or clear your cache and cookies after visiting certain websites
Or just more reason to use Private Browsing, where nothing is saved and it's all deleted after each session.

sbm12 Feb 10, 2010 11:58 am
Originally Posted by aviators99 (Post 13361514)
Felt I should point out that the above is not true. The "data" (other than the cookie itself) *is* stored on the server. The last sentence should read: "Whenever you visit a 'cookie' site, the server looks for its cookie on your hard drive and, if found, then reads the information it stored on its own servers."
Not really. At least not necessarily. The cookie does, in fact, only hold certain information on your local computer. It might reference a server-side data structure that should be loaded or it might just reference something local. But there is no guarantee that there is specific information stored on the server that is gleaned from the cookie itself.

Originally Posted by aviators99 (Post 13361514)
Actually, if you want to get even more correct, the server tells the computer (client) to look for its cookie on your hard drive...
This I agree with, but, again, that doesn't mean that there is necessarily data about the client stored on the server inside the cookie.

bocastephen Feb 10, 2010 12:29 pm
I'm sure the cookie could, for example, report back to the TSA which computers visited the TSA website and the Flyertalk website (or others such as the ACLU, etc.), and record and report their IP addresses which could then be run through a database to ascertain who its assigned to (i.e. John Smith's Comcast cable Internet account).

aviators99 Feb 10, 2010 4:02 pm
Originally Posted by sbm12 (Post 13364711)
Not really. At least not necessarily. The cookie does, in fact, only hold certain information on your local computer. It might reference a server-side data structure that should be loaded or it might just reference something local. But there is no guarantee that there is specific information stored on the server that is gleaned from the cookie itself.
True, but the point I was trying to make is that it doesn't store additional information on the hard drive like it said. That was the incorrect part.

thadocta Feb 11, 2010 2:01 am
Originally Posted by goalie (Post 13364048)
just another reason to reset your browser and/or clear your cache and cookies after visiting certain websites
Or use sites like this.

Dave


All times are GMT -6. The time now is 10:49 pm.
Page 1 of 2
1
2
Show 40 post(s) from this thread on one page


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.